Cyber Resilience

CVE-2026-21488

Medium

Published: 06 January 2026

Modified: 14 January 2026
CVSS v3.1 score: 6.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)
EPSS score: 0.0001 (1.9th percentile)
Risk priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-21488 is a medium-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Color Iccdev. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE is ranked at the 1.9th percentile by exploit likelihood (EPSS, below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-21488 is a vulnerability in iccDEV, a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are affected by out-of-bounds read (CWE-125), heap-based buffer overflow (CWE-122), and improper null termination (CWE-170) issues in the CIccTagText::Read function. The vulnerability was published on 2026-01-06 and has a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H).

An attacker with local access can exploit this vulnerability with low attack complexity and no privileges, but it requires user interaction, such as tricking a user into processing a malicious ICC profile. Successful exploitation could cause a heap-based buffer overflow with high availability impact (application crashes or denial of service), alongside limited confidentiality impact from the out-of-bounds read.

The issue is addressed in iccDEV version 2.3.1.2. Mitigation involves updating to this patched version, as detailed in the GitHub security advisory (GHSA-4j2g-rvv4-86vg) and the fixing commit (9daaccceb231c43db8cab312ee5bbe9d2aa6b153).
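As an added illustration of the input-validation point, and not iccDEV's own code or its fix: a bounds-checked reader for an ICC textType element (layout per the ICC.1 specification: 'text' signature, four reserved bytes, 7-bit ASCII string) that rejects elements running past the profile buffer, never takes a length from strlen over untrusted bytes, and always NUL-terminates its output. The sample profile bytes and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* ICC textType element: bytes 0-3 'text', 4-7 reserved, 8.. NUL-terminated 7-bit ASCII. */
#define ICC_TEXT_HEADER 8

/* Read the text element at [tag_off, tag_off + tag_size) of the profile in
 * buf[0..buf_len) into out (always NUL-terminated). Returns the string
 * length, or -1 if the element is malformed or does not fit. */
int icc_read_text_tag(const uint8_t *buf, size_t buf_len,
                      uint32_t tag_off, uint32_t tag_size,
                      char *out, size_t out_cap)
{
    if (out_cap == 0) return -1;
    out[0] = '\0';                                   /* never hand back an unterminated buffer */
    /* Overflow-safe check that the whole element lies inside the profile (CWE-125). */
    if (tag_size < ICC_TEXT_HEADER || tag_off > buf_len || tag_size > buf_len - tag_off)
        return -1;
    const uint8_t *elem = buf + tag_off;
    if (memcmp(elem, "text", 4) != 0) return -1;     /* wrong type signature */
    const uint8_t *str = elem + ICC_TEXT_HEADER;
    size_t max_len = tag_size - ICC_TEXT_HEADER;
    /* Bound the scan by the declared element size, not by wherever a NUL happens to be (CWE-170). */
    const uint8_t *nul = memchr(str, '\0', max_len);
    size_t len = nul ? (size_t)(nul - str) : max_len; /* missing NUL: truncate, do not over-read */
    if (len >= out_cap) return -1;                   /* destination sized by the caller (CWE-122) */
    for (size_t i = 0; i < len; i++)
        if (str[i] & 0x80) return -1;                /* textType must be 7-bit ASCII */
    memcpy(out, str, len);
    out[len] = '\0';
    return (int)len;
}

/* Constructed 16-byte pseudo-profile holding a single text element "sRGB". */
static const uint8_t kSample[] = { 't','e','x','t', 0,0,0,0, 's','R','G','B', '\0', 0,0,0 };
static char g_last[32];

/* Run one case against the constructed sample; result string is left in g_last. */
int sample_case(uint32_t tag_off, uint32_t tag_size, size_t out_cap) {
    return icc_read_text_tag(kSample, sizeof kSample, tag_off, tag_size, g_last, out_cap);
}

int main(void) {
    printf("well-formed element: len=%d text=\"%s\"\n", sample_case(0, 13, sizeof g_last), g_last);
    printf("element larger than profile: %d\n", sample_case(0, 64, sizeof g_last));  /* -1 */
    printf("undersized destination: %d\n", sample_case(0, 13, 3));                   /* -1 */
    return 0;
}
```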

Vulnerability details

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination through its CIccTagText::Read function. This issue is fixed in version 2.3.1.2.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1204.002 User Execution: Malicious File
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Vulnerability is triggered by processing a malicious ICC profile file, directly mapping to user execution of a malicious file for local exploitation leading to DoS/info leak.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21490 (same product: Color Iccdev)
CVE-2026-24852 (same product: Color Iccdev)
CVE-2026-21494 (same product: Color Iccdev)
CVE-2026-21489 (same product: Color Iccdev)
CVE-2026-25583 (same product: Color Iccdev)
CVE-2026-21504 (same product: Color Iccdev)
CVE-2026-21501 (same product: Color Iccdev)
CVE-2026-22255 (same product: Color Iccdev)
CVE-2026-21491 (same product: Color Iccdev)
CVE-2026-27692 (same product: Color Iccdev)

Affected Assets

Vendor: color, product: iccdev, version ≤ 2.3.1.2

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly requires timely installation of the vendor patch that eliminates the out-of-bounds read, heap overflow, and null-termination flaws in CIccTagText::Read.

SI-10 Information Input Validation (prevent): Mandates input validation on untrusted ICC profile data, which would have prevented the malformed input from triggering the buffer-handling defects.

Memory protection (prevent): Provides memory-protection mechanisms that can mitigate exploitation of the heap-based buffer overflow even if the vulnerable parsing code is reached.
